Class Calls Shutterfly ‘Face Prints’ Illegal

CHICAGO (CN) – A federal class action claims online photo sharing service Shutterfly illegally uses facial recognition software to create a “face print” of anyone in its database of 20 billion photos. Brian Norberg of Chicago says he’s never used Shutterfly or its subsidiary ThisLife and never had an account with either of them. He claims they’re violating the Illinois Biometric Information Privacy Act by “collecting, storing, and using – without providing notice, obtaining informed written consent or publishing data retention policies – the biometrics of millions of unwitting individuals who are not users of Shutterfly.” Though Norberg never had anything to do with Shutterfly, but a Shutterfly user uploaded photos of him, and now the company has his face template stored in its database. When the same user uploaded photos of him a second time, the website automatically recognized his picture and prompted the user to identify him. Shutterfly boasted of having 20 billion photos in its database in 2013, and said it could identify people in the photos using “photo ranking algorithms” and “advanced image analysis.” ThisLife states online that its service “makes face tagging quick and easy without facial recognition [technology],” which “automatically recognizes faces (even babies and kids!) and puts them in groups to make it fast and easy for you to tag.” (Brackets and parentheses in complaint.) “Specifically, defendants have created, collected and stored millions of ‘face templates’ (or ‘face prints’) – highly detailed geometric maps of the face – from millions of individuals, many thousands of whom are non Shutterfly users residing in the State of Illinois,” Norberg says. “Defendants create these templates using sophisticated facial recognition technology that extracts and analyzes data from the points and contours of faces appearing in photos uploaded by their users. Each face template is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person.” ThisLife’s tagging feature automatically prompts a user to tag a person to their face if that person’s face template is already in its database. The Illinois Biometric Information Privacy Act requires a company to inform a person in writing that it is collecting his or her biometric information and make its retention and destruction practices publicly available. Illinois is one of two states in the nation that restricts the use of biometric data. Under the law, a company must receive a written release from a person before collecting his or her biometric information. Yet “defendants’ proprietary facial recognition technology scans every user-uploaded photo from faces, extracts geometric data relating to the unique points and contours (i.e. biometric identifiers) of each face, and then uses that data to create and store a template of each face – all without every informing anyone of this practice,” the complaint states. Norberg claims that several Shutterfly patents describe its process for scanning photos and storing face templates without informed consent. He says he never gave Shutterfly permission to collect or store his biometric information, nor was he ever provided with a written release to sign. He seeks class certification, an injunction, and damages of $5,000 for each “intentional and reckless violation” of BIPA, or alternatively, $1,000 in statutory damages for each violation. He is represented by Katrina Carroll with Lite, DePalma and Greenberg.